X Windows on a Production Server

Ever since I've gotten into systems administration I've been told that I shouldn't have X Windows on a production server as it just adds another possible source for vulnerabilities.

However I'm planning to deploy a test Linux application server running FreeNX and one of the requirements for the applications will probably be X (since we'll be exporting graphical programs)

Does anyone know if there are any serious problems with X on a server which will also act as a webserver and a database server?

If so is there any recommended solution other than splitting the servers up? Has anyone had luck chrooting X?

Thanks a lot.

Xel.

Daemonguy

Moderator

Posts: 2700

Loc: Somewhere outside the box in Sarasota, FL.

3+ Months Ago

X itself has a slew of vulnerabilities, which is why most servers that are internet facing do not run X.
However, if you require X to install/configure a package but NOT to actually run it you might consider simply having X NOT initiate at startup.
Use the command line function to begin X rather than xdm control.

Exporting graphical programs does not in and of itself *require* that the server be running a graphical environment. I would look into that a bit more.